package com.spboot.config;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.spboot.config.realm.UserRealm;


import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.mgt.SecurityManager;

/**
 * shiro 配置
 * @author 随风
 *
 */
@Configuration
public class ShiroConfig {
	//核心过滤器
	@Bean
	public ShiroFilterFactoryBean shirFilter(org.apache.shiro.mgt.SecurityManager securityManager){
		ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
		
		//配置拦截url规则
		//不拦截anon 授权authc
		Map<String, String> filterChainDefinitionMap = new HashMap<String, String>();
		filterChainDefinitionMap.put("/css/**", "anon");
		filterChainDefinitionMap.put("/js/**", "anon");
		filterChainDefinitionMap.put("/fonts/**", "anon");
		filterChainDefinitionMap.put("/img/**", "anon");
		filterChainDefinitionMap.put("/plugins/**", "anon");
		
		//登陆处理接口不拦截
		filterChainDefinitionMap.put("/doLogin", "anon");
		filterChainDefinitionMap.put("/**", "authc");
		//
		factoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);;
		factoryBean.setSecurityManager(securityManager);
		factoryBean.setLoginUrl("/");
		factoryBean.setSuccessUrl("/main");
		return factoryBean;
	}
	//SecurityManager
	@Bean
	public SecurityManager securityManager(){
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(userRealm());
		return securityManager;
	}
	//Realms
	@Bean
	public UserRealm userRealm(){
			UserRealm userRealm = new UserRealm();
			userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
			return userRealm;
	}
	
	//密码加密适配器
	@Bean
	public HashedCredentialsMatcher hashedCredentialsMatcher(){
		HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
		credentialsMatcher.setHashAlgorithmName("md5");//方式
		credentialsMatcher.setHashIterations(2);//md5(md5())
		return credentialsMatcher;
	}
	
	/**
	 * 使用aop处理权限注解
	 * @param securityManager
	 * @return
	 */
	@Bean
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
		authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
		return authorizationAttributeSourceAdvisor;
	}

	@Bean
	public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
		DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
		advisorAutoProxyCreator.setProxyTargetClass(true);
		return advisorAutoProxyCreator;
	}
	
	
	public static void main(String[] args){
		//salt
		System.out.println(new SimpleHash("md5","123456","admin",2).toString());
	}
}
